
[RFC,0/6] Initial Skiboot Secure Variable Support

Message ID 20190328221754.20838-1-erichte@linux.ibm.com

Eric Richter March 28, 2019, 10:17 p.m. UTC
In order to support the secure boot of the host OS on POWER, the platform
needs three things:
 - Variables that can only be modified with proper authorization
      ("Secure variables")
 - Tamper-proof storage for secure variables ("Trust storage")
 - Interface to access and manage secure variables

The secure variables will need to be consumed by the linux kernel and
sysadmins. During the boot process, the linux IMA subsystem will fetch
keys stored in the secure variables to verify the signature of the kexec
image. Therefore, these variables must contain keys that have been
authorized. Furthermore, the variables need to be persisted across reboots,
and thus must be resistant to unauthorized writes to system flash. Finally,
sysadmins also need to access the secure variables for key management.

This patch series proposes a definition of secure variables, how to store
the secure variables in the trust storage via the PNOR secboot partition,
as well as an interface via OPAL runtime services to access them. Further
implementation detail can be found in the individual patch descriptions.

As this is an early draft of this implementation, some key features are
not yet included (most notably, the PNOR secboot partition is not
validated on load, see patch description for more). Many of these missing
features are mentioned in the patches as TODO comments -- some of which
are open questions, so comments or suggestions would be greatly
appreciated.


NOTE: This set replaces the implementation proposed in a previous RFC patch
set, "Initial Implementation of Secure Boot Key Management support".
Internal design has deviated since, and so this set reflects those
changes.


ON TESTING: This patch series is intended to be paired with a forthcoming
linux kernel patch set, to be sent by Claudio Carvalho. The patches may
also be exercised in userspace via a simple test framework located at the
following internal GitHub repository (will be integrated in the tree in
the future):

https://github.com/erichte-ibm/secvar-test

Claudio Carvalho (1):
  core/flash.c: add SECBOOT read and write support

Eric Richter (5):
  doc: add opal secvar documentation
  libstb: add secure variable internal abstraction
  libstb: add opal runtime services for secure boot key management
  libstb: add secvar flash storage implementation for pnor-based p9
    platforms
  secureboot: initialize secure variables on secureboot init

 core/flash.c                 | 130 ++++++++++++++++
 doc/opal-api/opal-secvar.rst | 199 ++++++++++++++++++++++++
 include/opal-api.h           |   6 +-
 include/platform.h           |   4 +
 libstb/Makefile.inc          |   2 +-
 libstb/secboot_p9.c          | 293 +++++++++++++++++++++++++++++++++++
 libstb/secboot_p9.h          |   6 +
 libstb/secureboot.c          |   3 +
 libstb/secvar.c              | 152 ++++++++++++++++++
 libstb/secvar.h              |  85 ++++++++++
 libstb/secvar_api.c          | 203 ++++++++++++++++++++++++
 11 files changed, 1081 insertions(+), 2 deletions(-)
 create mode 100644 doc/opal-api/opal-secvar.rst
 create mode 100644 libstb/secboot_p9.c
 create mode 100644 libstb/secboot_p9.h
 create mode 100644 libstb/secvar.c
 create mode 100644 libstb/secvar.h
 create mode 100644 libstb/secvar_api.c
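The cover letter above describes the storage half of the design (secure variables persisted in a PNOR partition, read back by firmware) and names validation of that partition on load as a missing feature. The following is an added example, not code from this series or from skiboot: it models a hypothetical on-flash secure-variable image with a header and packed records, builds one from constructed sample variables, and refuses to load it if the payload fails its integrity check. The layout, the magic value, the CRC-32 check and every name here (secvar_build_image, secvar_load, secvar_demo, the SV_* constants) are assumptions chosen for illustration, not skiboot's format or API.

```c
/* Added example (not skiboot code): hypothetical secure-variable flash
 * image with validation on load. Layout, names and the CRC-32 check are
 * assumptions for illustration only. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SV_MAGIC    0x56434553u   /* assumed magic, "SECV" little-endian */
#define SV_HDR_LEN  16            /* magic | version | count | crc32, 4 bytes each */
#define SV_MAX_VARS 8
#define SV_NAME_MAX 32
#define SV_DATA_MAX 64

enum { SV_OK = 0, SV_BAD_MAGIC = -1, SV_BAD_CRC = -2, SV_TRUNCATED = -3,
       SV_BAD_RECORD = -4, SV_TOO_MANY = -5 };

struct secvar {
    char     name[SV_NAME_MAX];
    uint32_t data_size;
    uint8_t  data[SV_DATA_MAX];
};

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24;
}

/* Bitwise CRC-32 (IEEE polynomial). This detects accidental corruption
 * only; resisting a deliberate rewrite of flash needs a signature check
 * or hardware-anchored storage, which is the gap the series leaves open. */
static uint32_t crc32_buf(const uint8_t *p, size_t n)
{
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Serialise vars as header + records of name_len(1) | data_len(4 LE) |
 * name | data, with the CRC covering everything after the header.
 * Returns the image length, or 0 if the input does not fit. */
size_t secvar_build_image(uint8_t *buf, size_t cap,
                          const struct secvar *vars, size_t n)
{
    size_t off = SV_HDR_LEN;
    if (n > SV_MAX_VARS || cap < SV_HDR_LEN)
        return 0;
    for (size_t i = 0; i < n; i++) {
        size_t nlen = strlen(vars[i].name);
        if (nlen == 0 || nlen >= SV_NAME_MAX || vars[i].data_size > SV_DATA_MAX)
            return 0;
        if (cap - off < 5 + nlen + vars[i].data_size)
            return 0;
        buf[off] = (uint8_t)nlen;
        wr32(buf + off + 1, vars[i].data_size);
        memcpy(buf + off + 5, vars[i].name, nlen);
        memcpy(buf + off + 5 + nlen, vars[i].data, vars[i].data_size);
        off += 5 + nlen + vars[i].data_size;
    }
    wr32(buf, SV_MAGIC);
    wr32(buf + 4, 1);               /* format version */
    wr32(buf + 8, (uint32_t)n);
    wr32(buf + 12, crc32_buf(buf + SV_HDR_LEN, off - SV_HDR_LEN));
    return off;
}

/* Parse and validate an image. The CRC is verified before any record is
 * trusted, and every length is checked against the remaining bytes before
 * it is used, so a corrupt or truncated partition yields zero variables. */
int secvar_load(const uint8_t *img, size_t len,
                struct secvar *out, size_t max_out, size_t *count)
{
    size_t off = SV_HDR_LEN;
    uint32_t n;

    *count = 0;
    if (len < SV_HDR_LEN)
        return SV_TRUNCATED;
    if (rd32(img) != SV_MAGIC)
        return SV_BAD_MAGIC;
    if (rd32(img + 12) != crc32_buf(img + SV_HDR_LEN, len - SV_HDR_LEN))
        return SV_BAD_CRC;
    n = rd32(img + 8);
    if (n > SV_MAX_VARS || n > max_out)
        return SV_TOO_MANY;
    for (uint32_t i = 0; i < n; i++) {
        uint8_t nlen;
        uint32_t dlen;
        if (len - off < 5)
            return SV_TRUNCATED;
        nlen = img[off];
        dlen = rd32(img + off + 1);
        off += 5;
        if (nlen == 0 || nlen >= SV_NAME_MAX || dlen > SV_DATA_MAX)
            return SV_BAD_RECORD;
        if (len - off < (size_t)nlen + dlen)
            return SV_TRUNCATED;
        memcpy(out[i].name, img + off, nlen);
        out[i].name[nlen] = '\0';
        off += nlen;
        memcpy(out[i].data, img + off, dlen);
        out[i].data_size = dlen;
        off += dlen;
    }
    *count = n;
    return SV_OK;
}

/* Demo on constructed data: build a two-variable image and load it; with
 * corrupt != 0, flip one payload bit first. Returns the variable count on
 * success or the negative SV_* error from secvar_load. */
int secvar_demo(int corrupt)
{
    struct secvar in[2] = {
        { "PK", 4, { 0xde, 0xad, 0xbe, 0xef } },   /* constructed sample */
        { "db", 3, { 0x01, 0x02, 0x03 } },         /* constructed sample */
    };
    struct secvar out[SV_MAX_VARS];
    uint8_t img[256];
    size_t n = 0, len = secvar_build_image(img, sizeof img, in, 2);
    int rc;

    if (len == 0)
        return -100;
    if (corrupt)
        img[SV_HDR_LEN + 5] ^= 0x01;   /* first byte of the first name */
    rc = secvar_load(img, len, out, SV_MAX_VARS, &n);
    return rc != SV_OK ? rc : (int)n;
}
```

secvar_demo(0) loads both variables; secvar_demo(1) returns SV_BAD_CRC because the check runs over the whole payload before any record is parsed. The point for the real design is the ordering: validate the partition as a unit first, then parse, and treat a failed check as "no variables" rather than "best effort", since the kernel's IMA policy described above will trust whatever keys come back.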